[618] in WWW Security List Archive
Re: Netscape Changes RSA tree
daemon@ATHENA.MIT.EDU (Paul Leach)
Mon Apr 24 18:58:19 1995
From: Paul Leach <paulle@microsoft.com>
To: rens@imsi.com, wcs@anchor.ho.att.com
Date: Mon, 24 Apr 95 10:40:18 TZ
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
We believe that there will be multiple hierarchies, and that you have
to decide which one(s) you trust. We also think that one hierarchy
should be able to set up a "trust-link" for those who trust it stating
what degree of trust the (possibly distributed) authority for that
hierarchy places in the other hierarchy.
I think this amounts to the "web-of-trust"; please correct me if I've
misinterpreted.
Even *if* a single hierarchy were desirable, it ain't gonna happen, as
far as we can see.
----------
| From: Rens Troost <rens@imsi.com>
| To: <wcs@anchor.ho.att.com>
| Cc: <www-security@ns2.rutgers.edu>
| Subject: Re: Netscape Changes RSA tree
| Date: Saturday, April 22, 1995 10:44AM
|
| Sender: owner-www-security@ns2.Rutgers.EDU
| Precedence: bulk
| Errors-To: owner-www-security@ns2.Rutgers.EDU
|
|
| >>>>> "wcs" == wcs <wcs@anchor.ho.att.com> writes:
|
| wcs> Hierarchical certification is often not appropriate.
| wcs> Generality is good, and it's not much harder than hierarchy,
| wcs> and it's a much better thing to build into a tool that will be
| wcs> widely used.
|
| This is right on the mark. Would any of the major vendors on this list
| care to comment on the direction they plan to take w/r/t certificates
| and de-hierarchifying? The strict heirarchical trust model is a serious
| impediment to actually getting secure commerce going; it's a barrier
| to entry, pure and simple.
|
| -Rens
|
|
